Wednesday, 8 March 2017

Lawmaker Wants Hacked Toymaker To Come Clean About Data Breach

A US Senator is worried about the data breach suffered by an American toymaker that sells Internet of Things teddy bears, and wants the company to come clean about the incident.

On Tuesday, Sen. Bill Nelson (D-Florida) sent a letter to Spiral Toys, asking the company a series of questions about the data breach that exposed the personal data of 800,000 owners of internet-connected stuffed animals and their children.

At the end of last year, Spiral Toys, the makers of Internet of Things stuffed animals CloudPets, left customers emails and hashed passwords in a database completely exposed online, potentially giving hackers access to recordings exchanged between parents and their kids, as Motherboard first reported last week.

"What security measures Spiral Toys had in place at the time of breach to protect against the risk of unauthorized access to its data?" the senator asks in the letter.

Nelson asked the company to disclose when it found out about the breach, the amount of data that was "potentially" available to hackers, and whether the children privacy law COPPA applies to Spiral Toys.

Spiral Toys did not disclose the breach until Motherboard broke the news. The company also claimed it didn't find out about the breach until I reached out, despite the fact that at least one security researcher tried to warn it in late December.

Spiral Toys did not immediately respond to a request for comment.

Nelson asked Spiral Toys to answer his questions no later than March 23.